Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!mcsun!ukc!strath-cs!cs.glasgow.ac.uk!bru-cc!andrew
From: andrew@cc.brunel.ac.uk (Andrew Findlay)
Newsgroups: comp.protocols.kerberos
Subject: Re: kerberos application to OSI
Message-ID: <1201@Terra.cc.brunel.ac.uk>
Date: 15 Dec 89 13:00:24 GMT
References: <8912080934.AA11988@sytek.hls.hac.com>
Reply-To: Andrew.Findlay@brunel.ac.uk (Andrew Findlay)
Organization: Brunel University, Uxbridge, UK
Lines: 34

In article <8912080934.AA11988@sytek.hls.hac.com> sytek!salzman@HPLABS.HP.COM (Michael M. Salzman) writes:
>
>The second aspect relates to the notion of a user space or environment
>which is both authenticated and available network wide. It would seem
>useful to incorporate the authentication features of Kerberos within
>a service such as X.500, so that users in one domain could access
>services in another domain, without prior arrangement. Similarly, a user
>could travel to another location and have his environment available
>to him including authentication information.

X.500 already has the features you want. The standard provides for
strong (public key) authentication between users and DSAs, and also
between one DSA and another. The issue of key management is also
addressed, though if DSA-to-DSA authentication is needed, there has to
be a trusted Certification Authority. Mechanisms are defined to
establish a "chain of trust" between DSAs that may not have previously
communicated. For the full details see X.509 / ISO 9594-8
"The Directory - Authentication Framework".

In principle, it would be possible to store each user's "environment"
in the X.500 Directory. The login program would then need to
incorporate a Directory User Agent so that the user could locate their
entry when on a remote site. The "environment" would have to describe
the location of the home directory etc - presumably to be accessed by
FTAM...

Andrew
--
---------------------------------------------------------------------
| From Andrew Findlay at Brunel University, Uxbridge, UB8 3PH, UK   |
| Andrew.Findlay@brunel.ac.uk      phone: +44 895 74000 x2512       |
---------------------------------------------------------------------